Denial of Service in SAP NetWeaver AS for Java Http Service Monitoring Filter
CVE-2021-33670

7.5HIGH

Key Information:

Vendor: SAP
Status: SAP Netweaver As For Java (http Service)
Vendor: CVE Published:; 14 July 2021

🔔 Create SAP Vulnerability Alert

What is CVE-2021-33670?

A vulnerability in the Http Service Monitoring Filter of SAP NetWeaver AS for Java allows an attacker to send multiple HTTP requests with different methods. This action can overwhelm the filter, resulting in it crashing and causing the HTTP server to become unavailable for legitimate users, effectively leading to a denial of service scenario.

Affected Version(s)

SAP NetWeaver AS for Java (Http Service) < 7.10 < 7.10

SAP NetWeaver AS for Java (Http Service) < 7.11 < 7.11

SAP NetWeaver AS for Java (Http Service) < 7.20 < 7.20

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3056652

x_refsource_MISC

http://seclists.org/fulldisclosure/2022/May/4

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 14, 2021
Vulnerability Reserved
May 28, 2021

.